Signature schemes are designed to be the digital equivalent of handwritten signatures. They are used to provide authentication, data-integrity, and non-repudiation. A signature scheme has a signer A, who intends to send a message M, to one or more recipients in an authentic manner. Signature schemes primarily include four basic algorithms: parameter generation or setup, key generation, signature generation, and signature verification.
A digital signature provides integrity and authenticity for messages, and is the only security service specified by the Near Field Communication (NFC) forum. The goal is to avoid tampering with a message (integrity) and to have some sort of proof that the message was authenticated or “digitally signed” by a trusted part (authenticity).
Given that digital signatures can provide integrity, authenticity, and confidentiality, they are extremely versatile and can accommodate almost any application scenario. There are two well known digital signature schemes that have withstood the test of time. The RSA scheme, which is based on the problem of factoring larger integers, and elliptic curve cryptography (EEC), which is based on the intractability of computing discrete logarithms for elliptic curve groups.
The Chinese State Encryption Management Bureau (SEMB) published a series of elliptic curve cryptographic algorithms called the SM2 Elliptic Curve Signature Algorithm (SM2-ECSA). The SM2-ECSA digital signature scheme is similar to the Nyberg-Rueppel digital signature scheme described in IEEE 1363-2000, sections 7.2.5 and 7.2.6. A variant of the Nyberg-Rueppel digital signature scheme known as the Elliptic Curve Pinstov-Vanstone Signature scheme is also standardized in ANSI X9.92. The SM2-ECSA digital signature scheme differs from the Nyberg-Rueppel scheme by a modification of the signature generation formula. It deviates from traditional signature schemes in the inclusion of other information of the user. This other information of the user is incorporated into the message being signed. The SM2-ECSA specification fails to name this other information of the user, and so for the sake of simplicity it is referred to herein as the identity hash value.
The SM2-ECSA digital signature scheme setup is consistent with other digital signature schemes. However, the SM2 adds to the traditional digital signature schemes in regards to distinguished identifiers and the creation of the identity hash value. The SM2-ECSA digital signature algorithm uses additional information, the so-called distinguishing identifiers, as well as elliptic curve parameters and the public key of the signer. The agreement on how these are to be formed is part of a scheme setup and requires as input the curve parameters, an identifier of the signer, a base point G of the elliptic curve, and a public key of the signer PA. The algorithm also assumes a consistently agreed upon hash function as specified in the scheme setup.